Summary: Multiple critical security vulnerabilities have been identified in Sante PACS Server, used extensively in healthcare for managing medical images. These vulnerabilities could permit unauthorized access, data theft, and service disruptions, posing significant risks to patient privacy and system integrity. Users are urged to upgrade to version 4.2.0 or later to mitigate these risks.
Affected: Sante PACS Server
Key points:
- CVE-2025-2263: Critical stack-based buffer overflow (CVSS 9.8) during login that allows unauthorized access.
- CVE-2025-2264: Path traversal information disclosure vulnerability (CVSS 7.5) that lets unauthenticated attackers download files from the server.
- CVE-2025-2265: Insecure password storage method (CVSS 7.8) that weakens the protection of stored user data.
- CVE-2025-2284: Denial-of-service vulnerability (CVSS 7.5) that can disrupt PACS server operations.
- Failure to address these flaws could lead to serious data breaches and violations of regulations such as HIPAA.